Change Tracking
Every modification to a CMDB record is logged with the user, timestamp, and action taken. This audit trail supports ITIL change management, compliance requirements, and forensic investigation.
What Gets Logged
CMDB tracks changes across all record types:
| Record Type | Tracked Actions |
|---|---|
| Configuration Items | Created, updated (any field change), deleted |
| Passwords | Created, updated, deleted, viewed, checked out, checked in, revealed via RMM, rotated |
| Documents | Created, updated (each version increment), deleted |
| Flexible Assets | Created, updated, deleted |
| Knowledge Base | Created, published, archived, deleted |
| Relationships | Created, deleted |
| Discovery | Configuration changed, sync triggered, CIs created from discovery |
| Network | Subnets/IPs/VLANs created, updated, deleted |
Audit Log Fields
Each audit entry captures:
| Field | Description |
|---|---|
| User | Who made the change (user ID and display name) |
| Action | What operation was performed |
| Timestamp | When the change occurred |
| IP Address | Source IP of the request |
| RMM Context | Device ID if the action originated from an RMM session |
| Record Type | What kind of record was changed |
| Record ID | Which specific record was changed |
Audit records are retained for 365 days.
Viewing Change History
Per-CI History
- Open a CI's detail page
- Scroll to the Change History section
- View a chronological log of all modifications
Per-Password Audit
- Open a password record
- View the Audit Trail showing every access, checkout, and reveal
Global Audit
All CMDB operations are logged via the standard audit system, accessible through the Hub audit log for organization-wide visibility.
Bus Events
CMDB emits events on significant changes that other products can consume:
| Event | Trigger |
|---|---|
cmdb.config.created | New CI created |
cmdb.config.updated | CI modified |
cmdb.password.accessed | Password viewed or revealed |
cmdb.password.anomaly | Unusual password access pattern |
cmdb.asset.discovered | New device found via discovery |
cmdb.document.stale | Document flagged as stale (not updated in 180+ days) |
These events can trigger automation in PSA (e.g., auto-create a change ticket when a critical CI is modified) or Defend (e.g., investigate anomalous password access).
Change tracking is automatic and cannot be disabled. All CRUD operations are logged regardless of how they were initiated — UI, API, integration, or auto-discovery.
ITIL Change Management
To align CMDB change tracking with ITIL practices:
- Before making changes to critical CIs, create a change ticket in PSA
- Reference the PSA ticket number in the CI's description when making the change
- After the change, the CMDB audit log provides evidence that the change was executed as documented
- Use the audit trail during post-implementation reviews
Next Steps
- Password Vault — Password-specific audit trail
- Integrations — How change events flow to other products
- Troubleshooting — Common audit and compliance questions